25 June 2012

Comments

Of course it is a very important issue, because most of us depend on internet services, from small firms to the corporate sector. Also, we use online services like e-banking, credit cards, etc., so password safety is a very important fact for us. Otherwise we may lose many things. Really, your analysis of password strength is very interesting.

Not only eHarmony, add probably Meetic, Parship, PlentyOfFish, Match, Chemistry, Perfectmatch, eDarling (eHarmony in Europe) and many others, who had suffered hacking attempts or not publicized hacking incidents.
-----------
The entire Online Dating Industry for serious daters in 1st World Countries is a HOAX, performing as a Big Online Casino, with a low effectiveness/efficiency level of their matching algorithms (less than 10%). eHarmony is a nearly 12-year-old obsolete site that uses a Compatibility Matching Algorithm based on personality similarity with the Big5 normative personality test and Dyadic Adjustment Scale (invented by Dr. Graham B. Spanier in 1976) as its core. The Guided Communication Process (a mutual filtering step) is an appendix of its main matching algorithm. eHarmony is not "scientifically proven" because eHarmony Labs could not prove eHarmony's matching algorithm can match prospective partners who will have more stable and satisfying relationships - and very low divorce rates - than couples matched by chance, astrological destiny, personal preferences, searching on one's own, or other technique as the control group in a peer reviewed Scientific Paper.

It seems there might be an opening here for a company to outsource the storage of secure data, so that it is not under the control of companyxyz. Best practices will not be followed. Market forces are too late to address this.

Fair enough, and I'll have a look at PTJ, seems like it might have some interesting features.

Interesting, but what about the 20% that you didn't crack? Is it because they had better passwords, or more special characters? Without understanding that limitation, analyzing these numbers could be very misleading.

We used mainly manual techniques (as crazy as it sounds) in combination with PTJ (https://github.com/jgrunzweig/ptj). While pipal (http://www.digininja.org/projects/pipal.php) is a great tool, we did not end up using it for the analysis of the eHarmony dump.

Any chance of a mention for the tool used to create those great stats?
